using System;
using System.Collections;
using System.Data;
using System.Data.SqlClient;
using System.Security.Principal;
using ctsu.Data;

namespace ctsu.Security
{
	public enum Permission
	{
		Administrator,
		ReadWrite,
		ReadOnly,		
		AccessDenied
	}

	public enum Hierarchy
	{
		Administration,
		Department,
		Item
	}

	public class AppSecurity
	{		
		private User _user;
		private string _connectionString;
		
		public User ApplicationUser
		{
			get{return _user;}
		}

        public AppSecurity()
        {        
        }

		public AppSecurity(string connectionString)
		{
			this._connectionString = connectionString;			
		}

		public bool VerifyUser(string user, string password)
		{
			this._user = new User();						
			int uid;
			ArrayList roles;
                        
            //SqlConnection conn = new SqlConnection(this._connectionString);
            
			string sql = "SELECT ID, FirstName, LastName " +
				" FROM Users" +
				" WHERE Login = '" + user + "'" +
				" AND password = '" + password + "'" +
				" AND Deactivated = 0";
            IDataReader rdr = null;

            //SqlCommand cmd = new SqlCommand(sql, conn);
            //SqlDataReader rdr = null;

            bool isData = false;
			try
			{
                //conn.Open();
                //rdr = cmd.ExecuteReader(CommandBehavior.CloseConnection);
                rdr = DataAccess.GetDataReader(sql);
                isData = rdr.Read();
                if (!isData)
                {
                    _user.IsAuthenticated = false;
                    return false;
                }

                uid = rdr.GetInt32(0);
                _user = new User(uid, rdr.GetString(1), rdr.GetString(2));

                rdr.Close();
                
                //get user roles
                sql = "SELECT ID, Hierarchy, Permission, Item  " +
                    " FROM UserRoles " +
                    " WHERE UserID =" + uid;

                isData = false;
                Role rol = null;

                //cmd = new SqlCommand(sql, conn);
                //rdr = cmd.ExecuteReader(CommandBehavior.CloseConnection);
                rdr = DataAccess.GetDataReader(sql);

                isData = rdr.Read();
                if (!isData)
                {
                    throw new Exception("There are no permissions defined");
                }

                roles = new ArrayList();
                rol = new Role(rdr.GetInt32(0), (Hierarchy)rdr.GetInt32(1), (Permission)rdr.GetInt32(2), rdr.GetInt32(3));
                roles.Add(rol);

                while (rdr.Read())
                {
                    rol = new Role(rdr.GetInt32(0), (Hierarchy)rdr.GetInt32(1), (Permission)rdr.GetInt32(2), rdr.GetInt32(3));
                    roles.Add(rol);

                }
                

                _user.Roles = roles;
                _user.IsAuthenticated = true;
                return true;
			
			}
			catch(Exception ex)
			{
				//rethrow the exception and let the client catch it.
				throw ex;				
			}
			finally
			{
                if (rdr != null)
                {
                    if(!rdr.IsClosed)
                        rdr.Close();
                }
			}						
		}

		public bool VerifyUserRights(User user, int formID)
		{
			return true;
		}

	}
}
